This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Creating a RADIUS monitoring account for Citrix NetScaler in RSA Authentication Manager 8.x

Article Number

000038058

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

Issue

This article explains how to create a RADIUS monitoring account that attempts to log into the RADIUS server.

Resolution

On the RSA Authentication Manager server

  1.  Login to the Security Console of your primary server.
  2. Create a new user (Identity > Users > Add New), being sure to ad all required information.  When done, click Save.
  3. Using the Search Criteria options on the left, search for the new user.
  4. Click on the context arrow next to the user ID and choose Authentication Settings.
  5. Check the option to Allow authentication with a fixed passcode.
  6. Enter and confirm the fixed passcode.  For example, 87654321.
  7. Click Save when done.
  8. Be sure to login to the Self-Service Console at least once with the new user ID and fixed passcode because you will be asked to change the fixed passcode.
  9. When prompted, change the fixed passcode to something else (for example, 12345678).  
  10. Use the newly updated fixed passcode with the monitoring account.
 

There is no need to assign a token to your monitoring user as long as you are using a fixed passcode. You don’t want to waste a token on a user just for monitoring.

 

On the Citrix NetScaler

  1. In the NetScaler Configuration Utility, on the left under Traffic Management > Load Balancing, click Monitors. On the right, click Add.
  2. Provide a name for the monitor.
  3. Change the Type listed in the drop-down to RADIUS.
  4. On the Standard Parameters tab, you might have to increase the Response Time-out to 4.
  5. On the Special Parameters tab, enter valid RADIUS credentials: 
    1. In the User Name field, type the user ID of the user created in the Security Console.
    2. In the Password field, enter the fixed passcode which was set in the Self-Service Console.
    3. In the Radius Key Field, enter the shared secret configured on RSA Authentication Manager server and Citrix NetScaler:
Image descriptionImage description
 
  1. On the left, expand Traffic Management, expand Load Balancing, and click Service Groups then choose the created service group for RSA RADIUS.
  2. On the right, in the Advanced Settings column, click Monitors and on the Monitors Section, click on No Service Group to Monitor Binding.
  3. Click the arrow next to Click to select and Select your new RADIUS monitor.  Click Select then click Bind.
 

To verify that RADUS monitoring is working correctly

  1. After Binding, verify that member is up by clicking on Service Group Members and click Monitor Details.  It should say RADIUS response code 2 or 3 was received. Click OK then Done.
  2. From the Security Console add a new report, selecting the Authentication Activity template or use the real time authentication activity report (Reporting > Real-time Activity MonitorsAuthentication Activity Monitor > Start Monitor). With either option there should be see successful login attempts from the RADIUS monitoring account
Tags (78)
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-24 12:54 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.